Bug 1514143 - Only use trap state for unwinding innermost wasm frame (r=lth)

--HG--
extra : rebase_source : d2bf61e92a6bd05d655ad43020a82bfc53aa04fe

js/src/jit-test/tests/wasm/timeout/interrupt-multi-instance-activation.js

@@ -0,0 +1,28 @@
+// |jit-test| exitstatus: 6; skip-if: !wasmIsSupported()
+
+const {Module, Instance} = WebAssembly;
+
+const {innerWasm} = new Instance(new Module(wasmTextToBinary(`(module
+    (func (export "innerWasm") (result i32)
+        (local i32)
+        (loop $top
+            (set_local 0 (i32.add (get_local 0) (i32.const 1)))
+            (br_if $top (i32.lt_u (get_local 0) (i32.const 100000)))
+        )
+        (get_local 0)
+    )
+)`))).exports;
+
+function middleJS() {
+    innerWasm();
+}
+
+const {outerWasm} = new Instance(new Module(wasmTextToBinary(`(module
+    (func $middleJS (import "" "middleJS"))
+    (func (export "outerWasm") (call $middleJS))
+)`)), {'':{middleJS}}).exports;
+
+timeout(1);
+while (true) {
+    outerWasm();
+}

js/src/wasm/WasmFrameIter.cpp

@@ -48,9 +48,11 @@ WasmFrameIter::WasmFrameIter(JitActivation* activation, wasm::Frame* fp)
 
   // When the stack is captured during a trap (viz., to create the .stack
   // for an Error object), use the pc/bytecode information captured by the
-  // signal handler in the runtime.
+  // signal handler in the runtime. Take care not to use this trap unwind
+  // state for wasm frames in the middle of a JitActivation, i.e., wasm frames
+  // that called into JIT frames before the trap.
 
-  if (activation->isWasmTrapping()) {
+  if (activation->isWasmTrapping() && fp_ == activation->wasmExitFP()) {
     const TrapData& trapData = activation->wasmTrapData();
     void* unwoundPC = trapData.unwoundPC;